Ransomware Hackers Hijacks University Alert Systems to Threaten Students and Faculty

Schools are one of the most common targets for cybercriminals, so a ransomware group hacking a university in Virginia isn't so surprising. However, what is surprising is what the hackers did next.

In a bold move, the hackers hijacked the university's emergency communications system and used it to spam students and faculty with threatening SMS messages. The unfortunate victim in this event was Bluefield University, a private Baptist university with about 1000 students located in Western Virginia.

Hackers Hijacked Bluefield University's RamAlert

On April 30, Bluefield University disclosed to the students and staff that they were currently experiencing a cyberattack that impacted their IT systems. At that time, the University found no evidence of any cases of identity theft or financial fraud linked to the incident as faculty and staff were able to access most university apps and websites.

"Upon learning of this issue, we immediately engaged the provider and independent third-party cybersecurity experts to assist in our review and remediation efforts, but it may be a few days before full functionality can be restored," as stated by Bluefield.

The incident took a nasty turn on May 1 when the Avos ransomware gang hijacked the University's emergency broadcast system, known as RamAlert, to send texts and emails to students and faculty that their data has been stolen.

As shared by Brett Callow on twitter, the messages sent to the students and staff of Bluefield state that the hackers have about 1.2 TB of their data. The alerts sent by the hackers instructed students and staff to pressure Bluefield's president to pay the full ransom demand.

The final message delivered by Avos Ransomware Gang, or AvosLocker, urged recipients to share this information with news outlets or their data may be leaked in the Darkweb. They also added, "Call President David Olive to tell him to pay us immediately. Otherwise, prepare for attacks."

Later that day, AvosLocker released a limited amount of stolen data, including a document related to the school's insurance policy and a W-2 Tax Form for Bluefield's President.

Bluefield's Response to the Hackers

Bluefield is advising students and staff to not open any links sent to them or send emails from their school accounts. The university also postponed their final exams as several school systems were still unavailable.

The university spokesperson declined to comment on whether they will consider paying the hackers.

Ransomware groups have used various methods to raise the heat on their victims from double to triple extortion. A few of their methods include emailing school customers, calling their partners, emailing competition, and setting up data leak portals with search features.

However, Bluefield is the first school to ever experience a hijack in its emergency alert system. AvosLocker's use of the school's emergency alert system is likely to prevent the University's administration from downplaying the impact of the cyberattack and claims that no data had been stolen.

While it could be an opportunistic case, this shows the lengths to which ransomware groups go to amplify their blackmail.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics